Message-ID: <gh-pgjdbc-pgjdbc-3700-rc2182769452@github.com>
From: "vlsi (@vlsi)" <noreply+vlsi@github.com>
To: "pgjdbc/pgjdbc" <noreply+pgjdbc-pgjdbc@github.com>
Date: Thu, 03 Jul 2025 13:20:20 +0000
Subject: Re: [pgjdbc/pgjdbc] PR #3700: Add PEMKeyManager to handle PEM based certs and keys.
In-Reply-To: <gh-pgjdbc-pgjdbc-3700@github.com>
References: <gh-pgjdbc-pgjdbc-3700@github.com>
List-Id: <gh-pgjdbc-pgjdbc.github.com>
X-GitHub-Author-Login: vlsi
X-GitHub-Comment-Id: 2182769452
X-GitHub-Comment-Type: review_comment
X-GitHub-Commit: 77a38555465b2eba6c8b77f7c111cf4f208c302a
X-GitHub-Issue: 3700
X-GitHub-Line: 70
X-GitHub-Path: pgjdbc/src/main/java/org/postgresql/ssl/PEMKeyManager.java
X-GitHub-Repo: pgjdbc/pgjdbc
X-GitHub-Type: review_comment
X-GitHub-Url: https://github.com/pgjdbc/pgjdbc/pull/3700#discussion_r2182769452
Content-Type: text/plain; charset=utf-8

(on pgjdbc/src/main/java/org/postgresql/ssl/PEMKeyManager.java:70)

WDYT of adding `Arrays.fill(privateKeyDERBytes, 0)` and the corresponding zeroing of `keyContent` the  to reduce the retention of the secret keys in memory?